BSA Conference: Expert gives a glimpse into cyber black market

FORT LAUDERDALE, Fla. (11/19/15)--When personal information is stolen by cybercriminals where does it go? CUNA/National Association of State Credit Union Supervisors Bank Secrecy Act Conference attendees got a glimpse into that world Wednesday, a glimpse into the cyber black market.

Wes Withrow, a cybersecurity expert with TraceSecurity, outlined how information technology (IT) professionals can detect things such as zero-day attacks, which involves hackers finding a backdoor into a system and stealing the information before the vulnerability can be fixed.

“At the end of the day, all you’re really doing in IT security is taking a baseline of something and then comparing that baseline and seeing if it’s changed,” Withrow said. “It’s very simple, but the tools to do that weren’t available for a long time, but they are now.”

Withrow gave three recommendations for those in attendance to bring back to their credit unions:

Have a conversation with compliance and IT teams and find out cybersecurity plans for the next year or so, including changes that are needed as hackers get more sophisticated;

Use cloud-based services that are able to perform the kind of analysis that until recently was cost prohibitive for most entities except large governments. These services allow most institutions to perform threat analysis and test for vulnerabilities; and

Get involved with organizations such as the Cloud Security Alliance to share information and learn about the latest threats. Withrow said this type of interaction between IT professionals is crucial for saying up to date.

When it comes to how cyber black markets get busted, Withrow said there’s only one method that seems to work: catching people and turning them in to law enforcement. “People who end up getting busted, hackers that get caught, and the government gives them options: cooperate or don’t cooperate,” he said. “Most of the actual intelligence and information that gets out isn’t from us, it’s from these moles. It’s still a boots on the ground thing, if you can catch one of these people with access, find their weakness and turn them, that’s what ends up busting these big, big networks.”

A recent example of what goes on in the cyber black market came to light in July, when anFBI-led law enforcement efforts led to the seizure of Darkode, a cyber black market described by Europol as “the most prolific English-speaking cybercriminal forum to date.”

More than 70 arrests were made across 20 countries, including 12 in the United States. Darkode forums offered everything from eBay account information to Skype accounts, all with accompanying personal information.

Who should be the 2018 CU Hero of the Year?

Champion of America’s Credit Unions

Credit Union National Association is the only national association that advocates on behalf of all of America’s credit unions. We work tirelessly to protect your best interests in Washington and all 50 states. We fuel your professional growth at every level and champion the credit union story at every turn.